Mitigate risk & optimize your AD for Windows Server 2016, Office 365 and Azure AD
Windows Server 2016: Cloud-Ready Operating System
“Windows Server 2016 is the cloud-ready operating system that delivers new layers of security and Azure-inspired innovation for the applications and infrastructure that power your business.”
IT pros are looking forward to:
• Improvements to Hyper-V (VM resiliency, rolling cluster updates, hot add for memory and network adapters)
• PowerShell 5.0 (ability to send commands to VMs directly from the host)
• Enhanced security features (Host Guardian Service and shielded VMs)
• Software defined storage upgrades (Storage Spaces Direct and Storage QoS)
Benefits of AD modernization
“Microsoft believes it's a good time to modernize your infrastructure … It's important and necessary to have a clean and streamlined AD environment when taking advantage of all benefits of technology like Office 365 and other cloud-based applications and infrastructure.”
-Mark Linton, GM OEM Prod Mgmt. Group
ROI: 124%
Payback: 23 Months
Benefits: $14.5 M
Costs: $6.5 M
Disclaimer: Dell commissioned Forrester to do a TEI study
“Modernizing your AD deployment will enable you to take advantage of Microsoft’s new best practices and the new features available to you.”
-Darren Mar-Elia, contributing editor, Windows IT Pro magazine MSFT MVP
MICROSOFT FORRESTER MVP
What about Azure Active Directory?
• Office 365 *requires* an Azure AD instance
• Azure AD provides the Directory Service for Office 365 applications
• Azure AD integrates with on-prem AD creating a HYBRID Directory environment
Azure Active Directory
• 90% of companies use AD on-prem.
• O365 adoption growing at 70% YoY
• AAD has >10M tenants
• 75% of orgs. > 500 users sync AD on-prem. >> AAD
Hybrid Directory
How Hybrid AD was ‘created’
On-Premises AD
• LDAP Interface
• Kerberos/NTLM Authentication
• Hierarchical structure (OUs, etc.)
• Rich schema
• Integrated management services (e.g. Group Policy)
• Tight Windows integration
Azure AD
• PowerShell and REST interfaces
• OAUTH and SAML authentication
• Flat structure
• Simple non-extensible schema
• Management services are add-on
• Integrated SSO support
• Client agnostic
Hybrid Infrastructure & Management Launch | 27 October 2016 | Malaysia
What Does It Mean to Modernize?
• Normalize AD Domains
• Clean-up OU Structure
• Improve Security
• Solid Provisioning
• the fewer domains/forests you have to synchronize to Azure AD, the better
More likely to get objects you don’t want/need
- If you don’t have good control over on-prem identity lifecycle, then it won’t be better in Azure AD
- Security - people getting access to Office 365 apps and data that shouldn’t
- Licensing - costs for licensing people who no longer exist in your org
Hybrid AD Security
75% of enterprises with more than 500 employees sync their on prem AD accounts to AzureAD/O365 (AD on prem. is authoritative)
Business challenges
• Data exfiltration
• Insider threats
• Compliance failures
• Prolonged operational downtime
• Revenue loss due to downtime, loss of productivity & potential fines
Technical challenges
• No permission baselining
• No automatic remediation
• Lack of detailed auditing
• Labor-intense/error-prone
• Lack of granular delegation
• Disjointed administration
• Manual DR processes
Dangers and pitfalls if you don’t secure AD on-prem
Hybrid AD challenges
Improve the security posture of your Microsoft infrastructure
• Who has access to what sensitive data and how did they get that access?
• Who has elevated privileged permissions in AD, servers and SQL DBs?
• What systems are vulnerable to security threats?
• How will I know if any suspicious privileged account activities have occurred?
• Have any changes occurred that could be indicative of an insider threat?
• How will I know, quickly, if an intrusion has happened?
• Could we be under brute-force attack right now?
• Is access control allowing those whitelisted in and blacklisted out?
• Do my users have the lowest level of user rights possible to do their jobs?
• Are my sensitive resources protected?
• How much time will it take me to manually remediate unauthorized changes?
• How can I be sure that ‘it’ doesn’t happen again?
• How can I test my business continuity plan without going offline?
• How long will it take us to recover from an AD security incident, manually?
• What is my AD RTO after a disaster?
• Can I secure access to my DC before next time?
Why Dell Software?
Market leadership and experience
Awards
MPM Portfolio
• Network Product Guide – Product Portfolio Expansion (IT Software) of the Year – Gold
Active Administrator
• Redmond Reader’s Choice Award – Gold
• WindowSecurity.com Readers’ Choice Winner
Change Auditor
• People’s Choice STEVIE Award Winner
• Redmond Reader’s Choice Award – Gold
• New Product of the Year STEVIE Winner – Bronze
• Network Product Guide – Gold
• Info Security Compliance Award – Bronze
• SIIA CODiE Award for Best GRC Solution
InTrust
• Redmond Reader’s Choice Award – Bronze
• Network Product Guide – Silver in GRC
• New Product of the Year STEVIE Winner – Bronze
Migration Manager for AD
• Redmond Reader’s Choice Award – Silver
Migration Suite for Exchange
• Redmond Reader’s Choice Award – Bronze
Migration Manager for PSTs
• New Product of the Year STEVIE Winner – Bronze
On Demand Migration for Email
• New Product of Year STEVIE Winner – Bronze
• Network Products Guide – Silver
Recovery Manager for AD Forest Edition
• People’s Choice STEVIE Award - Winner
• New Product of Year STEVIE Winner – Bronze
Unified Communications Command Suite
• UC Product of the Year - TMCNet
• Network Product Guide – Gold Innovations in UC
• STEVIE WINNER – Bronze
• Windows IT Pro Community Choice – Silver
ZeroIMPACT Migration Portfolio
• Partner of the Year Finalist – Messaging
• Global touch and hold model (one person manages issue through resolution)
• Highly skilled and certified engineers are product and domain experts who interact at the customer’s skill set
• Robust support portal and communities for quick self-help, 24x7
Industry-leading support
• 100,000 articles in knowledgebase
• 94% CSAT satisfaction rating
• 70% NPS net promoter score
• Multiple services to suit unique needs
Complete lifecycle
• End-to-end portfolio: assessment, migration, security & compliance, management
• One solution: Software, services, support & community
• Migrate to/from anywhere: AD, O365, Exchange, Google, Lotus Notes, SharePoint and more
• Secure & manage cloud, hybrid or on-prem environments
Future ready
• THE AD experts
• 180M Microsoft users managed
• Email migration leaders – DOUBLE the competition
Unrivaled experience
• Global presence
• World-class services
• Award-winning 24x7 global support
• Community members sharing best practices
Global support
Visit us online
https://software.dell.com/solutions/microsoft-platform-management/
• Videos, case studies, product specs, etc.
Try it out
• Free 30-day trials – download or run from Azure Marketplace (complimentary SC and Support assistance)
• POC or workshop
Join the community
https://software.dell.com/community/
• Product betas, how-to videos, discussions, blogs, tips and tricks, etc.
Think Dell Software
© 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.